Cyber Security Standards in the Middle East Region
With the massive increase of cyber crimes in the OT space, the cabinets of UAE and other selected countries in the Middle East region (Bahrain, Saudi Arabia, Qatar among others) are concerned about securing the cyber infrastructure and protecting the data from cyber criminals.
Middle East governments are acutely aware of the new threat landscape of digitization. Many of them have stepped up their cyber security activities in recent years to bolster their national cyber security capabilities and elevate the protection level of their critical national information infrastructures.
In the UAE, cabinets have agreed to launch the UAE cyber security council to create a detailed cyber security plan and a safe and robust cyber infrastructure. The council will contribute to making a lawful and regulatory framework that wraps all sorts of cyber crimes, securing existing and emerging technologies, and setting a robust ‘National Cyber Incident Response Plan’ to promote a swift and coordinated response to cyber incidents in the country.
As per the Global Cybersecurity Index 2020 report, issued by the International Telecommunication Union, the UAE was indexed fifth worldwide for a robust cyber security infrastructure.
The Global Cybersecurity Index 2020 report measured 193 countries for their cyber security infrastructure on the following five sectors:
- Legal sector
- Technical sector
- Organizational sector
- Capacity development sector
- Cooperation sector.
Let’s discuss the significant measures taken by the government in the UAE and other governing bodies in Saudi Arabia, Bahrain and Qatar to protect the cyber sector.
UAE: Information Assurance Framework
With the rapidly growing cyber threats, including hacktivists and planned cyber crime squads that challenge national safety and compromise vital information assets, the Telecommunications and Digital Government Regulatory Authority formed the ‘UAE Information Assurance Regulation’ to deliver needs to introduce the minimum level of security of information assets and to support systems across all commodities in the UAE. The regulation aims for a trusted digital environment all around the UAE.
In particular, the IA framework provides:
- A risk-based strategy to identify and protect critical information assets within an entity.
- Value-added components that set the links from an individual entity to the sector and national context.
- An overview of the roles and duties of critical stakeholders for the planning, growth, performance, and ongoing monitoring and advancement of IA.
- A phased performance approach to address the most familiar threats, facilitate the incremental adoption of IA, and optimize the value realized through the implementation of IA.
- An enabler for inter-entity and cross-sector communication to help information sharing and build national situational awareness.
UAE Cyber Security
The UAE introduced FedNet, to convert it into a worldwide recognized mobile government that delivers the finest assistance to the people at any place, round the clock. In addition, FedNet is aligned with Vision 2021, which seeks to make the UAE one of the most promising countries in the world by the year 2022.
The FedNet team is responsible for observing and monitoring the events and procedures of the FedNet round the clock, ensuring that the necessary actions are taken in case of errors or violations. A Security Information and Event Management (SIEM) system is operated by a dedicated 24/7/365 security operations center (SOC) to manage all security events within FedNet.
Some of the components of Federal Network (FedNet) possess:
- Secured infrastructure
FedNet has been enforced with an assured architecture for the interconnected government entities, improving the UAE’s cyber security. This is accomplished through the secure and confidential network, Multi-protocol Label Switching (MPLS) cloud.
- Cloud computing
The FedNet program will provide a cloud environment that is scalable on-demand, has an extensive computing and repository capacity, and is available 24/7.
- Central hosting
FedNet is created around a central hosting idea whereby Mobile Government services and applications can be delivered quickly using the latest cloud synchronization and automation technologies.
- High availability
High availability is an essential principle of FedNet’s strategy. This implies no single point of failure within the FedNet network structure.
- Cost-saving
FedNet is cost-effective as it consolidates shared government services and lessens the internet footprint within the UAE.
- Comprehensiveness
The coverage of FedNet unfolds to all government entities in the UAE. FedNet is being enforced in local government entities in phases. Once implemented, FedNet will allow governments to trade data and services across the UAE.
- Scalability
FedNet can extend the services and solutions it delivers depending on the increasing future requirements of the government entities.
UAE Cyber Security Strategy Framework
The UAE National Strategy seeks to set a path to secure state information and advice to achieve the national vision. To do so, this national strategy is developed from five core areas:
- Strengthen the safety of UAE cyber assets and decrease corresponding threat levels. The main objective is to elevate the Minimum Protection Level of Cyber Assets, comply with UAE Cyber Security Standards, and verify effectiveness.
- Control incidents to decrease the impact on society and the economy. The main objective here is to develop and embed incident response management capabilities and improve threat neutralization capabilities.
- Develop cyber security research innovation and UAE’s workforce to meet cyber security requirements. The goal is to inform and educate the UAE public and workforce.
- Foster collaboration between national and international stakeholders to catalyze cyber security measures.
- Also, deliver national leadership to produce local and emirates cyber security initiatives at the national level.
Initiatives taken by government to strengthen cyber security in the UAE
- Establishing aeCERT
The UAE created a “Computer Emergency Response Team” (aeCERT) to enhance information security standards and protect the IT infrastructure from possible threats and breaches. aeCERT seeks to support and provide secure cyberspace for UAE nationals and residents and convey information about dangers, vulnerabilities, and cybersecurity incidents.
- Cyber C3
‘Cyber C3’ is a program that strives to create ‘digital citizens’ who can profit from online participation while accepting accountability for self-protection and the possible outcomes of their online behavior. Cyber-citizenship goes beyond security and threat. It is dubbed for positive engagement in the digital environment.
- Salim- an online cybersecurity advisor
UAE Computer Emergency Response Team (aeCERT), jointly with Aqdar, established the initiative Salim, a digital cybersecurity advisor, with the motto ‘Towards a safe cyberculture’
This initiative seeks to spread knowledge about cyber safety to the entire community and have an upcoming generation with comprehensive knowledge about information security.
- UAE to host “Cybertech Global Conference” in June 2022
The Conference strives to promote expert partnerships, create new business possibilities with a broad range of sectors with conference sessions and special occasions emphasizing AI, Advanced IoT, Big Data, Cloud, Blockchain, and focuses on a broad spectrum of diverse sectors varying from Finance and Insurance, SCADA/ICS, Mobile and Communications, Health Industry, Smart Mobility, and many more.
Cyber security standards launched by the UAE government
The UAE has seen rapid growth in cyberattacks, as organizations have been forced to work remotely due to the Covid pandemic. Keeping this in mind, the government has declared adopting cyber security standards for government agencies. The funding for 2022-2026 has a total outlay of 290 billion dirhams ($79 billion) and is the largest in the record of the Gulf state.
Dubai Cyber Index
H. Sheik Hamdan bin Mohammed bin Rashid Al Maktoum, the Crown Prince of Dubai and Chairman of the Executive Council of Dubai, founded the Dubai Cyber Index. This enterprise strived at helping the endeavors of Dubai Government entities to guarantee the highest cyber security benchmarks. Existing as the first enterprise of its kind globally, the index aims to set Dubai as the city with the safest cyberspace in the world.
The index is focused on the aim of the “Dubai Cyber Security Strategy” to protect Dubai from a span of cyber security threats and sustain the emirate’s financial development. It also aims to encourage healthy competition among government commodities in cyber security and promote the growth of capabilities and excellence in this field.
Saudi Arabia : ECC (Essential Cyber security Controls)
Essential Cybersecurity Controls have been created with the cyber security requirements of all associations and sectors, keeping the Kingdom of Saudi Arabia in mind. There are minimum cyber security requirements with which associations must comply.
The controls are created to secure the confidentiality, integrity, and availability of an association’s data and technology assets. And the controls spin around the four pillars of people, technology, processes, and strategy.
Bahrain: National Cybersecurity Strategy
The vision is to establish a safe cyberspace to protect national interests and protect the Kingdom of Bahrain against cyber threats to reduce risks.
The following six objectives of the strategy are:
- Safeguard critical national infrastructure (CNI)
- Respond decisively to cyber threats
- Establish a legislative and regulatory framework
- Develop a vibrant cyber security ecosystem
- Create a safer cyber-space
- International cooperation
Qatar: Cyber Security Framework for 2022
The Supreme Committee for Delivery & Legacy (SCDL) published the Qatar cyber framework to establish a standard for all involved in the FIFA World Cup to follow. The framework illustrates the core cyber-competencies and cyber-capabilities required to save critical national services that sustain the FIFA World Cup. Because there will be more digital presence than ever before, there are additional challenges with safety and privacy. With the help of numerous global partners, the Security Committee formed the Qatar Cybersecurity Framework (QCF) to assure a secure and safe event.
The SCDL took a capability-based strategy to define the framework that considers the risks acknowledged by various commodities. This strategy concentrates on embedding must-have abilities to mitigate those elevated risks. To determine the precise capabilities required, the SCDL peeked at basic operational activities separated into layers surrounding data that apply to all systems. The framework eventually identified 14 cybersecurity capabilities marked under three pillars: Prevention, Detection, and Response.
Whether your company is in the UAE, Saudi Arabia, Bahrain, Qatar or any other country in the Middle East region, it is essential to have an OT cyber security plan in place to protect your critical infrastructures. Discover more about OT cyber security and how to develop a solid OT cyber security plan in the latest eBook from ATS.
Be one of the first to have a copy of the ATS eBook on Operational Technology (OT) and download your free copy today.
